How to Configure VPN

VPN Configuration

Gateway to Gateway VPN Configuration:

Figure showing VPN connection between two routers in different LAN, may be different place or different country.

To configure this you have to configure flowing values on both routers.

Tunnel No.	// Chose your Tunnel No.
	Tunnel Name
	Interface	WAN1 WAN2
	Enable

---

Local Group Setup

Local Security Gateway Type

IP Only IP + Domain Name(FQDN) Authentication IP + E-mail Addr.(USER FQDN) Authentication Dynamic IP + Domain Name(FQDN) Authentication Dynamic IP + E-mail Addr.(USER FQDN) Authentication

IP address

. . . //This is your router WAN IP

Local Security Group Type

IP Subnet IP Range

	IP address	. . .
	Subnet Mask	. . .

---

Remote Group Setup

Remote Security Gateway Type

IP Only IP + Domain Name(FQDN) Authentication IP + E-mail Addr.(USER FQDN) Authentication Dynamic IP + Domain Name(FQDN) Authentication Dynamic IP + E-mail Addr.(USER FQDN) Authentication

IP address IP by DNS Resolved

. . . // This is Remote Router WAN IP

Remote Security Group Type

IP Subnet IP Range

	IP address	. . .
	Subnet Mask	. . .

---

IPSec Setup

Keying Mode

Manual IKE with Preshared key

	Phase1 DH Group	Group1 Group2 Group5
	Phase1 Encryption	DES 3DES AES-128 AES-192 AES-256
	Phase1 Authentication	MD5 SHA1
	Phase1 SA Life Time	seconds
	Perfect Forward Secrecy

Phase2 DH Group

Group1 Group2 Group5

	Phase2 Encryption	NULL DES 3DES AES-128 AES-192 AES-256
	Phase2 Authentication	NULL MD5 SHA1
	Phase2 SA Life Time	seconds
	Preshared Key	// Chose this on HEX or arbitrary

If you follow above instruction, I think you will reach the goal.

N.B: IPSec Setup portion can vary on different brand router. Also vary the format of configuration. But the major things you should in mind that the local gateway and work group IP and Remote Gateway and work group IP you have to configure. To make the tunnel secure give an Preshared Key.

Client To Gateway VPN Configuration:

If you try to reach your office internal LAN for do job from abroad you have to configure Client to Gate VPN configuration.

Tunnel

Group VPN

	Tunnel No.
	Tunnel Name
	Interface	WAN1 WAN2

Enable

---

Local Group Setup

Local Security Gateway Type

IP Only IP + Domain Name(FQDN) Authentication IP + E-mail Addr.(USER FQDN) Authentication Dynamic IP + Domain Name(FQDN) Authentication Dynamic IP + E-mail Addr.(USER FQDN) Authentication

IP address

. . . //Your Local Router Gateway IP

Local Security Group Type

IP Subnet IP Range

	IP address	. . . // Local work Group IP
	Subnet Mask	. . .

---

Remote Client Setup

Remote Client

IP Only IP + Domain Name(FQDN) Authentication IP + E-mail Addr.(User FQDN) Authentication Dynamic IP + Domain Name(FQDN) Authentication Dynamic IP + E-mail Addr.(User FQDN) Authentication

IP address IP by DNS Resolved

. . . // Remote Laptop or PC IP

---

IPSec Setup

Keying Mode

Manual IKE with Preshared key

	Phase1 DH Group	Group1 Group2 Group5
	Phase1 Encryption	DES 3DES AES-128 AES-192 AES-256
	Phase1 Authentication	MD5 SHA1
	Phase1 SA Life Time	seconds
	Perfect Forward Secrecy

Phase2 DH Group

Group1 Group2 Group5

	Phase2 Encryption	NULL DES 3DES AES-128 AES-192 AES-256
	Phase2 Authentication	NULL MD5 SHA1
	Phase2 SA Life Time	seconds
	Preshared Key	// Chose this on HEX or arbitrary

The above format of configuration may vary on different brand Router. But you have to configure Local Router gateway IP , Local User group IP and Remote Laptop/PC IP.